2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2020-3268" ,
2025-01-26 03:03:52 +00:00
"sourceIdentifier" : "psirt@cisco.com" ,
2023-04-24 12:24:31 +02:00
"published" : "2020-06-18T03:15:11.963" ,
2024-11-23 13:10:58 +00:00
"lastModified" : "2024-11-21T05:30:41.707" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory."
} ,
{
"lang" : "es" ,
"value" : "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de Routers Cisco RV110W, RV130, RV130W, y RV215W Series, podr\u00edan permitir a un atacante remoto autenticado con privilegios administrativos ejecutar comandos arbitrarios. Para m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 7.2 ,
"baseSeverity" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV30" : [
{
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2023-04-24 12:24:31 +02:00
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.0" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 7.2 ,
"baseSeverity" : "HIGH" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "HIGH"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 5.9
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 9.0 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "COMPLETE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 8.0 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2024-11-23 13:10:58 +00:00
"type" : "Secondary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-119"
}
]
} ,
{
2024-11-23 13:10:58 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-04-24 12:24:31 +02:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-119"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.2.2.5" ,
"matchCriteriaId" : "91426939-7704-468F-8F30-4506B8299252"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv110w:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "20E8ECAC-E842-41DB-9612-9374A9648DC2"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv130_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.0.3.54" ,
"matchCriteriaId" : "86780C69-B05A-4E96-914E-D9815921FB06"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv130:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D5D233CF-2504-4E69-9AD0-D3B631C8FC11"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv130w_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.0.3.54" ,
"matchCriteriaId" : "4E632E91-57AD-494C-8E92-5A285F135ADF"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv130w:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C3C9AFAA-1387-4067-AF7E-2E4AAD2A272A"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "1.3.1.5" ,
"matchCriteriaId" : "8BD734B0-9E41-4859-8FB5-9058FC8B5A7F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv215w:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8686AB22-F757-468A-930B-DDE45B508969"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ" ,
2025-01-26 03:03:52 +00:00
"source" : "psirt@cisco.com" ,
2023-04-24 12:24:31 +02:00
"tags" : [
"Vendor Advisory"
]
2024-11-23 13:10:58 +00:00
} ,
{
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
